About Agenteach
Agenteach is an educational technology platform dedicated to empowering teachers with intelligent, AI-driven tools that streamline lesson planning, enhance student feedback, and reduce administrative overhead. Built by educators for educators, Agenteach is designed as a school-controlled, teacher-reviewed documentation and workflow assistant: it prepares drafts and records for authorized users, while educators and districts remain in control.
Trust posture
Agenteach's near-term trust posture is to be designed for FERPA/COPPA-aligned, DPA-ready K-12 workflows. We do not claim SOC 2, ISO 27001, 1EdTech, SDPC registry, or iKeepSafe badge completion unless and until the relevant third-party process is complete. For pilots, the priority is a signed district data/privacy agreement, a field-level data map, a subprocessor list, no-training AI commitments, MFA and least privilege, deletion/export support, incident response, and external security-review evidence.
Signed DPA/DSA, data dictionary, subprocessor list, no-sale/no-ads/no-training commitments, MFA, token encryption, no raw student-content logs, deletion/export process, and incident-response plan.
SDPC/NDPA-style packet, vendor-risk packet, AI-use statement, Google OAuth least-privilege posture, US residency commitment, admin-visible data inventory, and audit export.
SOC 2 readiness then Type I/II, external penetration testing cadence, 1EdTech TrustEd Apps preparation, and iKeepSafe-style FERPA/COPPA review if the product scope requires it.
Part 1
Agenteach is a helper. It can organize notes, draft messages, and prepare work for you to review. You stay in charge.
01 · You approveIt does not automatically send messages, submit records, grade students, discipline students, diagnose students, or confirm IEP/504 service delivery. It prepares drafts. A teacher or authorized staff member reviews and decides what happens next.
02 · Less dataFor roster-light workflows, that may mean a student name, class/course, and guardian contact only when a parent draft is enabled. We do not need student web-browsing history, precise location, social media profiles, or extra demographic data.
03 · School controlDistricts approve the service, integrations, retention settings, exports, deletion, and subprocessors through a DPA/NDPA or similar agreement. Access is scoped by district, school, class, role, and student relationship.
04 · Safe AI useAI can help summarize, extract, classify, rewrite, or draft from teacher-selected context. It must not invent facts, make final decisions, or train on student data. Teachers review outputs before anything is sent, exported, routed, or saved as an official-looking record.
Simple promise
Agenteach is for school work only. We do not sell student data, rent it, target ads, build commercial profiles, or use student data to train AI models. The MVP is teacher-only; if student-facing features are added later, they will require additional COPPA and district consent controls.
Part 2
Agenteach uses a district-authorized, teacher-reviewed architecture: React/Next.js for the interface, a policy-enforcing backend for authorization and audit, school-controlled Google Workspace storage by default for student-bearing content, and encrypted US-hosted infrastructure for district-approved application records.
Student-bearing artifacts are kept in the school or teacher's approved Google Workspace by default, with Agenteach storing references and workflow metadata where possible. When a district authorizes Agenteach-hosted records under a DPA/NDPA or similar agreement, they are processed in encrypted US-hosted systems with private networking and no public database access.
Every sensitive request is checked server-side by role, district, school, class/course membership, student relationship, data category, and record state. Role alone is not enough.
Traffic uses HTTPS/TLS, security headers, CDN/WAF controls, rate limits, upload size/type limits, and backend-issued short-lived upload URLs. Sensitive student data is not stored in browser localStorage, sessionStorage, or IndexedDB.
Databases, object storage, backups, OAuth tokens, transcripts, exports, and temporary processing artifacts use encryption, scoped access, lifecycle deletion, and district-tagged metadata where applicable.
Internal IAM
Least privilege + Zero Trust
MFA is enforced for internal users and district admins. Staff access follows district policy and supported SSO requirements.
Production PII
Temporary, logged access
No standing internal access to district data. Support access is ticketed, approved, time-limited, read-only by default, and fully logged.
District identity
SAML 2.0 + OAuth 2.0
Google and Microsoft OAuth are first; Clever, ClassLink, OneRoster, SAML/OIDC, LMS, SIS, and IEP integrations are added only through district-approved, least-privilege scopes.
Privacy governance
Student-linked behavior notes, attendance nuance, grades, observations, parent communication drafts, and IEP/504 or accommodation logs are treated as education records when tied to identifiable students. Governance is designed to align with FERPA school-official workflows, COPPA school-consent structures where under-13 data is in scope, SDPC/NDPA expectations, and comparable state student privacy obligations.
Retention policies are configurable by district, record type, data class, and contract/state requirement. On contract termination or authorized LEA request, data is returned/exported and then deleted or de-identified where legally allowed; some compliance records may require correction entries or legal hold instead of silent deletion.
AI calls go through a backend safety layer, not directly from the browser. The system minimizes prompts, detects sensitive content before AI/export, records provider/model/redaction metadata in audit logs, and uses DPA/subprocessor terms with no-training and no-retention commitments where available.
Subprocessors needed to deliver Agenteach, such as hosting, email, AI, transcription, monitoring, and file-processing vendors, are bound by DPAs or equivalent terms. We maintain a minimized subprocessor list, review vendor controls before use, and flow down privacy, security, deletion, confidentiality, and breach-response obligations.
District-ready MVP guardrails
For early district use, Agenteach focuses on evidence capture, observation notes, draft communications, grade-to-review-grid workflows, teacher tasks, field-level data transparency, and admin-visible privacy controls — while deferring autonomous actions and direct official-system writeback.
- • Teacher identity, tenant model, secure access, and admin-managed domains.
- • Roster-light student picker with minimal fields.
- • Evidence inbox with extraction, warnings, and teacher confirmation.
- • Parent communication drafts that teachers edit and explicitly send.
- • District-visible dashboard for field-level data maps, OAuth scopes, retention, subprocessors, audits, integrations, deletion/export status, and AI provider settings.
- • Direct attendance, SIS, LMS, gradebook, or IEP writeback until contracts, rollback/correction, and audit are mature.
- • Student accounts or student chatbot features in the MVP.
- • Auto-send parent/admin messages or automated escalation.
- • AI discipline, mental health, special education, or service-delivery conclusions.
- • Background Gmail scanning, full-drive scanning, broad mailbox access, session replay, ad trackers, unnecessary telemetry on student-data pages, or raw student content in application logs.
SAST, dependency scanning, secret scanning, infrastructure-as-code scanning, DAST for staging, runtime monitoring, and a pre-pilot or annual penetration-testing roadmap help detect and patch risks.
In the event of a suspected breach, the response plan calls for immediate isolation of affected systems, investigation and forensic support, preservation of audit evidence, and notice to impacted LEAs within contractually and legally required timelines.
Need district review materials?
For security questionnaires, DPA/NDPA or DSA review, data-dictionary review, HECVAT/CAIQ-style diligence, subprocessor review, AI policy review, or pilot planning, contact Agenteach and we’ll share the appropriate supporting materials.